Cloud storage systems provide users with the ability to store electronic documents and other files on a remote network rather than on a local computer. This allows users to access the remotely stored files from any device that is capable of connecting with the remote network, for example using a web browser over an Internet connection. Cloud storage systems may also provide users with a large amount of memory to store files so that users are not limited by the memory capacity of the devices that they own.
Users may access and manage files stored on the cloud storage system using tools provided by the cloud storage system. For example, the cloud storage system may provide a user interface for users to view, edit, and manage files stored on the system and to share files with other users. Cloud computing services may work in tandem with the cloud storage system to allow users to create and edit files and allow collaboration between users on the same file. These cloud storage system tools and services are typically controlled by the cloud storage system, and will be referred to herein as first-party systems or services.
Additionally, users may access and manage files stored on the cloud storage system (i.e., the first-party cloud storage system) using services and applications provided by third-party applications or services, such as third-party websites over the Internet. These third-party applications or services may allow users to create and modify files stored on the first-party cloud storage system. For example, a user may want to open and edit a drawing file stored on the first-party cloud storage system from a third-party drawing application. A user may also want to share the drawing file opened in the third-party drawing application with other users, through the first-party cloud storage system.
To facilitate access of users to first-party stored files from third-party applications, a first-party cloud storage system may want to provide third-party applications with an embeddable user interface, such as a widget, through which the user can access files stored on the cloud storage system. At the same time, embedding first-party widgets in third-party applications raises significant security concerns because the first-party system may not be able to control the way in which the third-party application is using or displaying the first-party widget. In one serious attack known as clickjacking, an attacker embeds a widget in a transparent, malicious third-party web frame and overlays the transparent frame over another nontransparent, seemingly legitimate frame. As a result, the user is tricked into clicking on the malicious transparent frame while believing she is clicking on the legitimate frame. This attack may have serious, unintended consequences, such as the user unintentionally making public a confidential file or unintentionally editing or deleting a file.